From e8c1d7c7e7d6ff0ec6f508c5f953a88584c25fed Mon Sep 17 00:00:00 2001 From: Tanner Gooding Date: Sun, 12 Feb 2023 09:21:00 -0800 Subject: [PATCH] Updating repo infrastructure and use new sign client --- .github/workflows/ci.yml | 77 +++++++++++++++++++++++---------- Directory.Build.props | 2 +- Directory.Packages.props | 6 +-- scripts/SignClientSettings.json | 13 ------ scripts/build.ps1 | 2 +- scripts/build.sh | 2 +- 6 files changed, 60 insertions(+), 42 deletions(-) delete mode 100644 scripts/SignClientSettings.json diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 641fd592..521bc25b 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -2,9 +2,10 @@ name: ci on: push: - branches: [ main ] + branches: [ main, v* ] pull_request: - branches: [ main ] + branches: [ main, v* ] + workflow_dispatch: jobs: windows-x64: @@ -40,7 +41,7 @@ jobs: shell: cmd - uses: actions/upload-artifact@v3 with: - name: ${{ matrix.os }}_${{ matrix.configuration }}_x86 + name: ${{ matrix.os }}_${{ matrix.configuration }}_${{ matrix.architecture }} path: | ./artifacts/bin/**/* ./artifacts/log/**/* @@ -96,14 +97,6 @@ jobs: env: EXCLUDE_RUN_ID_FROM_PACKAGE: true EXCLUDE_SUFFIX_FROM_VERSION: false - - uses: actions/setup-dotnet@v2 - if: ${{ github.event_name == 'push' }} - with: - dotnet-version: '6.0.x' - - run: dotnet tool install --tool-path ./artifacts/tools SignClient - if: ${{ github.event_name == 'push' }} - - run: ./artifacts/tools/SignClient "Sign" --baseDirectory "${{ github.workspace }}/artifacts/pkg" --input "**/*.nupkg" --config "${{ github.workspace }}/scripts/SignClientSettings.json" --filelist "${{ github.workspace }}/scripts/SignClientFileList.txt" --user "${{ secrets.SC_USER }}" --secret "${{ secrets.SC_PASS }}" --name "ClangSharp" --description "ClangSharp" --descriptionUrl "https://github.com/dotnet/clangsharp" - if: ${{ github.event_name == 'push' }} - uses: actions/upload-artifact@v3 with: name: nuget_preview 
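Review bot: The widened push filter `branches: [ main, v* ]` in the `on:` block matches every branch whose name begins with `v`, not only version branches, and the signing jobs this commit adds further down are gated solely on `github.event_name == 'push'`. Any push to such a branch therefore runs jobs that read the `SC_*` signing secrets, using the workflow file from that branch. If only release branches are meant, a tighter pattern such as `branches: [ main, 'v[0-9]*' ]` narrows the match. Whether branch protection covers `v*` is not visible here, so attaching the signing jobs to a protected `environment:` would make the restriction explicit.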
@@ -113,6 +106,29 @@ jobs:
 ./artifacts/pkg/**/*
 ./artifacts/tst/**/*
 if-no-files-found: error
+ sign-nuget-preview:
+ runs-on: windows-latest
+ if: ${{ github.event_name == 'push' }}
+ needs: [ build-nuget-preview ]
+ permissions:
+ id-token: write
+ steps:
+ - uses: actions/checkout@v3
+ - uses: actions/download-artifact@v3
+ with:
+ name: nuget_preview
+ path: ./artifacts
+ - uses: actions/setup-dotnet@v3
+ with:
+ dotnet-version: '6.0.x'
+ - run: dotnet tool install --tool-path ./artifacts/tools sign --version 0.9.0-beta.23063.3
+ - run: ./artifacts/tools/sign code azure-key-vault "**/*.nupkg" --timestamp-url "http://timestamp.digicert.com" --base-directory "${{ github.workspace }}/artifacts/pkg" --file-list "${{ github.workspace }}/scripts/SignClientFileList.txt" --publisher-name ".NET Foundation" --description "ClangSharp" --description-url "https://github.com/dotnet/clangsharp" --azure-key-vault-certificate "${{ secrets.SC_KEY_VAULT_CERTIFICATE_ID }}" --azure-key-vault-client-id "${{ secrets.SC_AZURE_CLIENT_ID }}" --azure-key-vault-client-secret "${{ secrets.SC_AZURE_CLIENT_SECRET }}" --azure-key-vault-tenant-id "${{ secrets.SC_AZURE_TENANT_ID }}" --azure-key-vault-url "${{ secrets.SC_KEY_VAULT_URL }}"
+ - uses: actions/upload-artifact@v3
+ with:
+ name: sign_nuget_preview
+ path: |
+ ./artifacts/pkg/**/*
+ if-no-files-found: error
 build-nuget-release:
 runs-on: windows-latest
 steps:
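Review bot: The sign step in `sign-nuget-preview` expands `${{ secrets.SC_AZURE_CLIENT_SECRET }}` and the other `SC_*` values straight into the `run:` script text, so a value containing a quote, `$` or backtick is parsed by the shell rather than passed as data, and the secret is written into the generated script file. Passing the values through a step-level `env:` map and referencing them as `$env:NAME` keeps the expressions out of the script (this assumes the default PowerShell shell on `windows-latest`). The same applies to the identical step in `sign-nuget-release`. The job also requests `id-token: write` while still authenticating with a client secret, so the permission looks unused unless an OIDC exchange happens somewhere not shown here; either drop it or move to federated credentials and retire the secret.

```yaml
      # … unchanged: checkout, download-artifact, setup-dotnet, tool install …
      - run: >-
          ./artifacts/tools/sign code azure-key-vault "**/*.nupkg"
          --timestamp-url "http://timestamp.digicert.com"
          --base-directory "${{ github.workspace }}/artifacts/pkg"
          --file-list "${{ github.workspace }}/scripts/SignClientFileList.txt"
          --publisher-name ".NET Foundation"
          --description "ClangSharp"
          --description-url "https://github.com/dotnet/clangsharp"
          --azure-key-vault-certificate "$env:SC_KEY_VAULT_CERTIFICATE_ID"
          --azure-key-vault-client-id "$env:SC_AZURE_CLIENT_ID"
          --azure-key-vault-client-secret "$env:SC_AZURE_CLIENT_SECRET"
          --azure-key-vault-tenant-id "$env:SC_AZURE_TENANT_ID"
          --azure-key-vault-url "$env:SC_KEY_VAULT_URL"
        env:
          SC_KEY_VAULT_CERTIFICATE_ID: ${{ secrets.SC_KEY_VAULT_CERTIFICATE_ID }}
          SC_AZURE_CLIENT_ID: ${{ secrets.SC_AZURE_CLIENT_ID }}
          SC_AZURE_CLIENT_SECRET: ${{ secrets.SC_AZURE_CLIENT_SECRET }}
          SC_AZURE_TENANT_ID: ${{ secrets.SC_AZURE_TENANT_ID }}
          SC_KEY_VAULT_URL: ${{ secrets.SC_KEY_VAULT_URL }}
      # … unchanged: upload-artifact (sign_nuget_preview) …
```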
@@ -122,14 +138,6 @@ jobs:
 env:
 EXCLUDE_RUN_ID_FROM_PACKAGE: true
 EXCLUDE_SUFFIX_FROM_VERSION: true
- - uses: actions/setup-dotnet@v2
- if: ${{ github.event_name == 'push' }}
- with:
- dotnet-version: '6.0.x'
- - run: dotnet tool install --tool-path ./artifacts/tools SignClient
- if: ${{ github.event_name == 'push' }}
- - run: ./artifacts/tools/SignClient "Sign" --baseDirectory "${{ github.workspace }}/artifacts/pkg" --input "**/*.nupkg" --config "${{ github.workspace }}/scripts/SignClientSettings.json" --filelist "${{ github.workspace }}/scripts/SignClientFileList.txt" --user "${{ secrets.SC_USER }}" --secret "${{ secrets.SC_PASS }}" --name "ClangSharp" --description "ClangSharp" --descriptionUrl "https://github.com/dotnet/clangsharp"
- if: ${{ github.event_name == 'push' }}
 - uses: actions/upload-artifact@v3
 with:
 name: nuget_release
@@ -139,12 +147,35 @@ jobs:
 ./artifacts/pkg/**/*
 ./artifacts/tst/**/*
 if-no-files-found: error
+ sign-nuget-release:
+ runs-on: windows-latest
+ if: ${{ github.event_name == 'push' }}
+ needs: [ build-nuget-release ]
+ permissions:
+ id-token: write
+ steps:
+ - uses: actions/checkout@v3
+ - uses: actions/download-artifact@v3
+ with:
+ name: nuget_release
+ path: ./artifacts
+ - uses: actions/setup-dotnet@v3
+ with:
+ dotnet-version: '6.0.x'
+ - run: dotnet tool install --tool-path ./artifacts/tools sign --version 0.9.0-beta.23063.3
+ - run: ./artifacts/tools/sign code azure-key-vault "**/*.nupkg" --timestamp-url "http://timestamp.digicert.com" --base-directory "${{ github.workspace }}/artifacts/pkg" --file-list "${{ github.workspace }}/scripts/SignClientFileList.txt" --publisher-name ".NET Foundation" --description "ClangSharp" --description-url "https://github.com/dotnet/clangsharp" --azure-key-vault-certificate "${{ secrets.SC_KEY_VAULT_CERTIFICATE_ID }}" --azure-key-vault-client-id "${{ secrets.SC_AZURE_CLIENT_ID }}" --azure-key-vault-client-secret "${{ secrets.SC_AZURE_CLIENT_SECRET }}" --azure-key-vault-tenant-id "${{ secrets.SC_AZURE_TENANT_ID }}" --azure-key-vault-url "${{ secrets.SC_KEY_VAULT_URL }}"
+ - uses: actions/upload-artifact@v3
+ with:
+ name: sign_nuget_release
+ path: |
+ ./artifacts/pkg/**/*
+ if-no-files-found: error
 publish-nightlies-azure:
 runs-on: ubuntu-latest
 if: ${{ github.event_name == 'push' }}
- needs: [ windows-x64, windows-x86, linux-x64, macos-x64, build-nuget-preview ]
+ needs: [ windows-x64, windows-x86, linux-x64, macos-x64, sign-nuget-preview, sign-nuget-release ]
 steps:
- - uses: actions/download-artifact@v2
+ - uses: actions/download-artifact@v3
 with:
 name: windows_release_x64
 path: ./artifacts
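Review bot: Making `publish-nightlies-azure` depend on `sign-nuget-preview` and `sign-nuget-release` only orders the jobs; it does not by itself make the publish job ship the signed packages. The unsigned `nuget_preview` and `nuget_release` artifacts are still uploaded under their old names, and the one download step visible here fetches `windows_release_x64`; the rest of the publish job lies outside the hunk. It is worth confirming that the package download there names `sign_nuget_preview`, and adding a check such as `dotnet nuget verify` on the downloaded `.nupkg` files so that an unsigned package fails the job instead of being published.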
@@ -158,9 +189,9 @@ jobs: publish-nightlies-github: runs-on: ubuntu-latest if: false - needs: [ windows-x64, windows-x86, linux-x64, macos-x64, build-nuget-preview ] + needs: [ windows-x64, windows-x86, linux-x64, macos-x64, sign-nuget-preview, sign-nuget-release ] steps: - - uses: actions/download-artifact@v2 + - uses: actions/download-artifact@v3 with: name: windows_release_x64 path: ./artifacts diff --git a/Directory.Build.props b/Directory.Build.props index 9ca0e4ac..e523cddd 100644 --- a/Directory.Build.props +++ b/Directory.Build.props @@ -45,7 +45,7 @@ $(BaseArtifactsPath)pkg/$(Configuration)/ ClangSharp ClangSharp - 15.0.2 + 15.0.3 rc1 pr diff --git a/Directory.Packages.props b/Directory.Packages.props index b45d2ecd..9552abe2 100644 --- a/Directory.Packages.props +++ b/Directory.Packages.props @@ -15,11 +15,11 @@ - + - - + + diff --git a/scripts/SignClientSettings.json b/scripts/SignClientSettings.json deleted file mode 100644 index fe1c8c9b..00000000 --- a/scripts/SignClientSettings.json +++ /dev/null @@ -1,13 +0,0 @@ -{ - "SignClient": { - "AzureAd": { - "AADInstance": "https://login.microsoftonline.com/", - "ClientId": "c248d68a-ba6f-4aa9-8a68-71fe872063f8", - "TenantId": "16076fdc-fcc1-4a15-b1ca-32c9a255900e" - }, - "Service": { - "Url": "https://codesign.dotnetfoundation.org/", - "ResourceId": "https://SignService/3c30251f-36f3-490b-a955-520addb85001" - } - } -} diff --git a/scripts/build.ps1 b/scripts/build.ps1 index 523c91b1..61197fd6 100644 --- a/scripts/build.ps1 +++ b/scripts/build.ps1 
@@ -173,7 +173,7 @@ try { Create-Directory -Path $DotNetInstallDirectory & $DotNetInstallScript -Channel 6.0 -Version latest -InstallDir $DotNetInstallDirectory -Architecture $architecture - & $DotNetInstallScript -Channel 7.0 -Version latest -InstallDir $DotNetInstallDirectory -Architecture $architecture -Quality preview + & $DotNetInstallScript -Channel 7.0 -Version latest -InstallDir $DotNetInstallDirectory -Architecture $architecture $env:PATH="$DotNetInstallDirectory;$env:PATH" } diff --git a/scripts/build.sh b/scripts/build.sh index 371a6792..a7fbb8a7 100755 --- a/scripts/build.sh +++ b/scripts/build.sh @@ -205,7 +205,7 @@ if [[ ! -z "$architecture" ]]; then CreateDirectory "$DotNetInstallDirectory" . "$DotNetInstallScript" --channel 6.0 --version latest --install-dir "$DotNetInstallDirectory" --architecture "$architecture" - . "$DotNetInstallScript" --channel 7.0 --version latest --install-dir "$DotNetInstallDirectory" --architecture "$architecture" --quality preview + . "$DotNetInstallScript" --channel 7.0 --version latest --install-dir "$DotNetInstallDirectory" --architecture "$architecture" PATH="$DotNetInstallDirectory:$PATH:" fi
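Review bot: In the `scripts/build.sh` hunk, the context line `PATH="$DotNetInstallDirectory:$PATH:"` ends with a trailing colon, and an empty PATH entry makes the shell search the current working directory for commands. On a build machine that lets a file in the checked-out tree stand in for any command not found in an earlier entry; `PATH="$DotNetInstallDirectory:$PATH"` avoids that. Separately, both install calls keep `--version latest`, so the SDK that produces the packages later signed in CI floats between runs; an explicit version would make the toolchain reviewable. The enclosing `if` block starts outside the hunk.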